Cluster Encryption
E2E Kubernetes supports encryption at rest for a cluster's disks. Encryption protects the data stored on the master and worker nodes' volumes.
Encryption is configured only at creation time and cannot be enabled or disabled on an existing cluster.
Enable Encryption
When you create a cluster, open Advanced Settings and select Enable Encryption.
- A passphrase is optional. If you provide one, keep it safe - it is part of protecting the encrypted volumes.
- Encrypted clusters are marked with a lock icon next to the cluster name in the Kubernetes list and on the cluster details page.
What Encryption Covers
Encryption applies to the cluster's node disks (data at rest). It does not change how you connect to the cluster or use kubectl, and it does not affect persistent volumes you provision separately - see Persistent Volumes for storage options.
Related Resources
| Resource | Use it for |
|---|---|
| Create a Cluster | Enable encryption during creation. |
| Node Encryption | Encryption-at-rest behavior for compute nodes. |
| Security Groups | Network-level security for the cluster. |
Last updated on June 24, 2026.